portainer/api/http/handler/extensions/upgrade.go

package extensions

import (
	portainer "github.com/portainer/portainer/api"
)

func updateUserAccessPolicyToReadOnlyRole(policies portainer.UserAccessPolicies, key portainer.UserID) {
	tmp := policies[key]
	tmp.RoleID = 4
	policies[key] = tmp
}

func updateTeamAccessPolicyToReadOnlyRole(policies portainer.TeamAccessPolicies, key portainer.TeamID) {
	tmp := policies[key]
	tmp.RoleID = 4
	policies[key] = tmp
}

func (handler *Handler) upgradeRBACData() error {
	endpointGroups, err := handler.EndpointGroupService.EndpointGroups()
	if err != nil {
		return err
	}

	for _, endpointGroup := range endpointGroups {
		for key := range endpointGroup.UserAccessPolicies {
			updateUserAccessPolicyToReadOnlyRole(endpointGroup.UserAccessPolicies, key)
		}

		for key := range endpointGroup.TeamAccessPolicies {
			updateTeamAccessPolicyToReadOnlyRole(endpointGroup.TeamAccessPolicies, key)
		}

		err := handler.EndpointGroupService.UpdateEndpointGroup(endpointGroup.ID, &endpointGroup)
		if err != nil {
			return err
		}
	}

	endpoints, err := handler.EndpointService.Endpoints()
	if err != nil {
		return err
	}

	for _, endpoint := range endpoints {
		for key := range endpoint.UserAccessPolicies {
			updateUserAccessPolicyToReadOnlyRole(endpoint.UserAccessPolicies, key)
		}

		for key := range endpoint.TeamAccessPolicies {
			updateTeamAccessPolicyToReadOnlyRole(endpoint.TeamAccessPolicies, key)
		}

		err := handler.EndpointService.UpdateEndpoint(endpoint.ID, &endpoint)
		if err != nil {
			return err
		}
	}

	return handler.AuthorizationService.UpdateUsersAuthorizations()
}
feat(extensions): introduce RBAC extension (#2900) 2019-05-24 06:04:58 +00:00			`package extensions`

feat(api): relocate authorizations outside of JWT (#3079) * feat(api): relocate authorizations outside of JWT * fix(api): update user authorization after enabling the RBAC extension * feat(api): add PortainerEndpointList operation in the default portainer authorizations * feat(auth): retrieve authorization from API instead of JWT * refactor(auth): move permissions retrieval to function * refactor(api): document authorizations methods 2019-09-09 22:58:26 +00:00			`import (`
			`portainer "github.com/portainer/portainer/api"`
			`)`
feat(extensions): introduce RBAC extension (#2900) 2019-05-24 06:04:58 +00:00
			`func updateUserAccessPolicyToReadOnlyRole(policies portainer.UserAccessPolicies, key portainer.UserID) {`
			`tmp := policies[key]`
			`tmp.RoleID = 4`
			`policies[key] = tmp`
			`}`

			`func updateTeamAccessPolicyToReadOnlyRole(policies portainer.TeamAccessPolicies, key portainer.TeamID) {`
			`tmp := policies[key]`
			`tmp.RoleID = 4`
			`policies[key] = tmp`
			`}`

			`func (handler *Handler) upgradeRBACData() error {`
			`endpointGroups, err := handler.EndpointGroupService.EndpointGroups()`
			`if err != nil {`
			`return err`
			`}`

			`for _, endpointGroup := range endpointGroups {`
			`for key := range endpointGroup.UserAccessPolicies {`
			`updateUserAccessPolicyToReadOnlyRole(endpointGroup.UserAccessPolicies, key)`
			`}`

			`for key := range endpointGroup.TeamAccessPolicies {`
			`updateTeamAccessPolicyToReadOnlyRole(endpointGroup.TeamAccessPolicies, key)`
			`}`

			`err := handler.EndpointGroupService.UpdateEndpointGroup(endpointGroup.ID, &endpointGroup)`
			`if err != nil {`
			`return err`
			`}`
			`}`

			`endpoints, err := handler.EndpointService.Endpoints()`
			`if err != nil {`
			`return err`
			`}`

			`for _, endpoint := range endpoints {`
			`for key := range endpoint.UserAccessPolicies {`
			`updateUserAccessPolicyToReadOnlyRole(endpoint.UserAccessPolicies, key)`
			`}`

			`for key := range endpoint.TeamAccessPolicies {`
			`updateTeamAccessPolicyToReadOnlyRole(endpoint.TeamAccessPolicies, key)`
			`}`

			`err := handler.EndpointService.UpdateEndpoint(endpoint.ID, &endpoint)`
			`if err != nil {`
			`return err`
			`}`
			`}`
feat(api): trigger user authorization update when required (#3213) * refactor(api): remove useless type cast * feat(api): trigger user authorization update when required * fix(api): fix missing RegistryService injection 2019-10-07 02:42:01 +00:00
			`return handler.AuthorizationService.UpdateUsersAuthorizations()`
feat(extensions): introduce RBAC extension (#2900) 2019-05-24 06:04:58 +00:00			`}`